update ci to use super-linter and push to both quay-repos #68
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push to quay | |
| on: | |
| pull_request: | |
| branches: [main] | |
| push: | |
| branches: [main] | |
| tags: | |
| - "v*.*.*" | |
| permissions: | |
| contents: read | |
| env: | |
| REGISTRY: localhost | |
| NAME: vector-embedder | |
| TAG: ${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || (github.ref_name == 'main' && 'latest' || github.ref_name) }} | |
| jobs: | |
| build-container: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Build container and push to local registry | |
| env: | |
| CONTAINER: ${{ env.NAME }}:${{ env.TAG }} | |
| run: | | |
| make build | |
| podman push "${CONTAINER}" "docker-archive:/tmp/image.tar:${CONTAINER}" | |
| - name: Upload image artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: image-${{ github.run_id }} | |
| path: /tmp/image.tar | |
| retention-days: 1 | |
| test: | |
| needs: [build-container] | |
| if: github.event_name == 'pull_request' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| db: [pgvector, redis, elastic, qdrant, mssql] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Download image | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: image-${{ github.run_id }} | |
| path: /tmp | |
| - name: Load image into local containers-storage | |
| run: podman pull docker-archive:/tmp/image.tar | |
| - name: Start MSSQL | |
| if: matrix.db == 'mssql' | |
| run: | | |
| podman run -d --name mssql-vector-test \ | |
| -e "ACCEPT_EULA=Y" \ | |
| -e "SA_PASSWORD=StrongPassword!" \ | |
| -p 1433:1433 \ | |
| mcr.microsoft.com/mssql/rhel/server:2025-latest | |
| - name: Start PGVector | |
| if: matrix.db == 'pgvector' | |
| run: | | |
| podman run -d --name pgvector-test \ | |
| -e POSTGRES_USER=user \ | |
| -e POSTGRES_PASSWORD=pass \ | |
| -e POSTGRES_DB=mydb \ | |
| -p 5432:5432 \ | |
| ankane/pgvector | |
| - name: Start Redis | |
| if: matrix.db == 'redis' | |
| run: | | |
| podman run -d --name redis-test \ | |
| -p 6379:6379 \ | |
| redis/redis-stack-server:6.2.6-v19 | |
| - name: Start Elasticsearch | |
| if: matrix.db == 'elastic' | |
| run: | | |
| podman run -d --name es-test \ | |
| -e "discovery.type=single-node" \ | |
| -e "xpack.security.enabled=true" \ | |
| -e "ELASTIC_PASSWORD=changeme" \ | |
| -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \ | |
| -p 9200:9200 \ | |
| elasticsearch:8.11.1 | |
| - name: Start Qdrant | |
| if: matrix.db == 'qdrant' | |
| run: | | |
| podman run -d --name qdrant-test \ | |
| -p 6333:6333 \ | |
| qdrant/qdrant | |
| - name: Wait for DB to start | |
| run: sleep 30 | |
| - name: Run embed job | |
| env: | |
| CONTAINER: ${{ env.NAME }}:${{ env.TAG }} | |
| DB_TYPE: ${{ matrix.db }} | |
| run: | | |
| podman run --rm --network host \ | |
| -e LOG_LEVEL=debug \ | |
| -e DB_TYPE="${DB_TYPE}" \ | |
| "${REGISTRY}/${CONTAINER}" | |
| push-container: | |
| needs: [build-container] | |
| if: github.event_name != 'pull_request' | |
| strategy: | |
| matrix: | |
| include: | |
| - upload_registry: quay.io/validatedpatterns | |
| legacy: false | |
| - upload_registry: quay.io/hybridcloudpatterns | |
| legacy: true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Download image | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: image-${{ github.run_id }} | |
| path: /tmp | |
| - name: Load image into local containers-storage | |
| run: podman pull docker-archive:/tmp/image.tar | |
| - name: Log into Quay | |
| env: | |
| USERNAME: ${{ matrix.legacy && secrets.LEGACY_QUAY_USERNAME || secrets.QUAY_USERNAME }} | |
| PASSWORD: ${{ matrix.legacy && secrets.LEGACY_QUAY_PASSWORD || secrets.QUAY_PASSWORD }} | |
| run: | | |
| podman login -u "${USERNAME}" -p "${PASSWORD}" quay.io | |
| - name: Push image to Quay | |
| id: image-push | |
| env: | |
| UPLOADREGISTRY: ${{ matrix.upload_registry }} | |
| CONTAINER: ${{ env.NAME }}:${{ env.TAG }} | |
| run: | | |
| make upload | |
| DIGEST=$(skopeo inspect --format "{{.Digest}}" "docker://${UPLOADREGISTRY}/${CONTAINER}") | |
| echo "digest=$DIGEST" >> "$GITHUB_OUTPUT" | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 | |
| with: | |
| cosign-release: "v2.2.4" | |
| # Cosign expects the docker config.json for registry authentication so we must | |
| # copy it from buildah | |
| - name: Sign the published Docker image | |
| env: | |
| CONTAINER: ${{ env.NAME }}:${{ env.TAG }} | |
| DIGEST: ${{ steps.image-push.outputs.digest }} | |
| UPLOADREGISTRY: ${{ matrix.upload_registry }} | |
| run: | | |
| cat "${XDG_RUNTIME_DIR}/containers/auth.json" > ~/.docker/config.json | |
| cosign sign --yes "${UPLOADREGISTRY}/${CONTAINER}@${DIGEST}" |